Find out more about the details required by Hyperglance to connect to your AWS Account.
In the Hyperglance Settings ( https://IP_address/#/admin ) select the 'Amazon' Collector under the 'Collectors' section. Click on the 'Add Account' button which shows this dialog:
Note: Hyperglance Settings is visible only to admin users of Hyperglance.
1. Account Alias
Any unique identifying keyword you want to use to identify this account.
The Account Alias is also used to reference this account within Hyperglance's Role-Based Access Control (RBAC) system
2. Access Key & Secret Key
An access and secret keys associated to a user that Hyperglance will use to connect to AWS.
Note to AWS Marketplace users: These fields are not shown (and are not needed) for instances of Hyperglances launched from the AWS Marketplace.
They will be shown for instances launched from the Azure Marketplace or our Docker-based trial.
3. Role ARN
The ARN of an account-trusted IAM Role to use for STS AssumeRole. This allows Hyperglance to connect to the account referred to by the role.
4. Is Billing Only (new in v6.6.2)
Leave this unchecked so that Hyperglance pulls in resource inventory data.
Use this to pull billing data from an organisation's consolidated billing account without pulling in any resource inventory. You will need to add at least one other "linked" account from the organisation with Is Billing Only left unchecked.
5. Account Groups
Any identifying keyword you want to use to group together your different accounts in Hyperglance.
The Account Groups can also serve as filters when displaying data across Hyperglance pages and rules.
The regions you wish for Hyperglance to collect data from.
Choose from either the GovCloud regions or the standard regions (it is not possible to choose from both sets at once).
Tip: Only select the regions that you use. This reduces the number of AWS API calls that Hyperglance needs to make and makes the collection process faster.
How does Hyperglance connect to AWS?
The connection technique used by Hyperglance varies depending on where the Hyperglance appliance is running (in or out of AWS) and which connection details you have supplied to the credential form above.
The following table outlines the connection technique used based on these factors:
|Where Hyperglance is running||Form details required/supplied||Connection technique used|
|In AWS (Launched from the AWS Marketplace)||Role ARN||STS Assume Role 'to' the account referred to by the role.|
|Outside of AWS (In Azure or Docker)||Access Key + Secret Key
(No role ARN)
|Connects to the account associated with those keys.|
|Access Key + Secret Key + Role ARN||First connects to the account associated with those keys and then performs STS Assume Role 'to' the account referred to by the role.|
AWS IAM Policy permissions needed
When Hyperglance runs as an EC2 Instance with an IAM user policy attached that policy must allow Hyperglance to poll the relevant information from the API.
See our AWS IAM Policy Requirements for the required policy configuration.